{"id":"https://openalex.org/W4385187279","doi":"https://doi.org/10.1109/sp46215.2023.10179324","title":"Examining Zero-Shot Vulnerability Repair with Large Language Models","display_name":"Examining Zero-Shot Vulnerability Repair with Large Language Models","publication_year":2023,"publication_date":"2023-05-01","ids":{"openalex":"https://openalex.org/W4385187279","doi":"https://doi.org/10.1109/sp46215.2023.10179324"},"language":"en","primary_location":{"id":"doi:10.1109/sp46215.2023.10179324","is_oa":false,"landing_page_url":"https://doi.org/10.1109/sp46215.2023.10179324","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 IEEE Symposium on Security and Privacy (SP)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5053148078","display_name":"Hammond Pearce","orcid":"https://orcid.org/0000-0002-3488-7004"},"institutions":[{"id":"https://openalex.org/I57206974","display_name":"New York University","ror":"https://ror.org/0190ak572","country_code":"US","type":"education","lineage":["https://openalex.org/I57206974"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Hammond Pearce","raw_affiliation_strings":["New York University"],"affiliations":[{"raw_affiliation_string":"New York University","institution_ids":["https://openalex.org/I57206974"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5069388936","display_name":"Benjamin Tan","orcid":"https://orcid.org/0000-0002-7642-3638"},"institutions":[{"id":"https://openalex.org/I168635309","display_name":"University of Calgary","ror":"https://ror.org/03yjb2x39","country_code":"CA","type":"education","lineage":["https://openalex.org/I168635309"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Benjamin Tan","raw_affiliation_strings":["University of Calgary"],"affiliations":[{"raw_affiliation_string":"University of Calgary","institution_ids":["https://openalex.org/I168635309"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5063392410","display_name":"Baleegh Ahmad","orcid":"https://orcid.org/0000-0001-6854-3966"},"institutions":[{"id":"https://openalex.org/I57206974","display_name":"New York University","ror":"https://ror.org/0190ak572","country_code":"US","type":"education","lineage":["https://openalex.org/I57206974"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Baleegh Ahmad","raw_affiliation_strings":["New York University"],"affiliations":[{"raw_affiliation_string":"New York University","institution_ids":["https://openalex.org/I57206974"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5059648257","display_name":"Ramesh Karri","orcid":"https://orcid.org/0000-0001-7989-5617"},"institutions":[{"id":"https://openalex.org/I57206974","display_name":"New York University","ror":"https://ror.org/0190ak572","country_code":"US","type":"education","lineage":["https://openalex.org/I57206974"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ramesh Karri","raw_affiliation_strings":["New York University"],"affiliations":[{"raw_affiliation_string":"New York University","institution_ids":["https://openalex.org/I57206974"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5060815601","display_name":"Brendan Dolan-Gavitt","orcid":"https://orcid.org/0000-0002-8867-4282"},"institutions":[{"id":"https://openalex.org/I57206974","display_name":"New York University","ror":"https://ror.org/0190ak572","country_code":"US","type":"education","lineage":["https://openalex.org/I57206974"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Brendan Dolan-Gavitt","raw_affiliation_strings":["New York University"],"affiliations":[{"raw_affiliation_string":"New York University","institution_ids":["https://openalex.org/I57206974"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5053148078"],"corresponding_institution_ids":["https://openalex.org/I57206974"],"apc_list":null,"apc_paid":null,"fwci":20.3599,"has_fulltext":false,"cited_by_count":95,"citation_normalized_percentile":{"value":0.99535265,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":99,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"2339","last_page":"2356"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.993399977684021,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/zero","display_name":"Zero (linguistics)","score":0.5839405655860901},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5813165307044983},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5730230808258057},{"id":"https://openalex.org/keywords/ground-zero","display_name":"Ground zero","score":0.4145713150501251},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.32476598024368286},{"id":"https://openalex.org/keywords/physics","display_name":"Physics","score":0.15257534384727478},{"id":"https://openalex.org/keywords/linguistics","display_name":"Linguistics","score":0.13364958763122559},{"id":"https://openalex.org/keywords/nuclear-physics","display_name":"Nuclear physics","score":0.08162805438041687}],"concepts":[{"id":"https://openalex.org/C2780813799","wikidata":"https://www.wikidata.org/wiki/Q3274237","display_name":"Zero (linguistics)","level":2,"score":0.5839405655860901},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5813165307044983},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5730230808258057},{"id":"https://openalex.org/C2780518707","wikidata":"https://www.wikidata.org/wiki/Q685332","display_name":"Ground zero","level":2,"score":0.4145713150501251},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.32476598024368286},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.15257534384727478},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.13364958763122559},{"id":"https://openalex.org/C185544564","wikidata":"https://www.wikidata.org/wiki/Q81197","display_name":"Nuclear physics","level":1,"score":0.08162805438041687},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/sp46215.2023.10179324","is_oa":false,"landing_page_url":"https://doi.org/10.1109/sp46215.2023.10179324","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 IEEE Symposium on Security and Privacy (SP)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":45,"referenced_works":["https://openalex.org/W46679369","https://openalex.org/W1990371686","https://openalex.org/W2070111972","https://openalex.org/W2099671082","https://openalex.org/W2118315969","https://openalex.org/W2121204404","https://openalex.org/W2145373440","https://openalex.org/W2153881107","https://openalex.org/W2170224888","https://openalex.org/W2734941459","https://openalex.org/W2766411424","https://openalex.org/W2806377938","https://openalex.org/W2888328667","https://openalex.org/W2907705732","https://openalex.org/W2972082064","https://openalex.org/W3015080226","https://openalex.org/W3043761819","https://openalex.org/W3085434149","https://openalex.org/W3098684777","https://openalex.org/W3129269689","https://openalex.org/W3134686229","https://openalex.org/W3161027892","https://openalex.org/W3170962973","https://openalex.org/W3177813494","https://openalex.org/W3195749400","https://openalex.org/W3214353108","https://openalex.org/W4232581246","https://openalex.org/W4243820718","https://openalex.org/W4245717706","https://openalex.org/W4247966332","https://openalex.org/W4254188649","https://openalex.org/W4281763794","https://openalex.org/W4287024925","https://openalex.org/W4288614128","https://openalex.org/W4292779060","https://openalex.org/W6601894380","https://openalex.org/W6639560864","https://openalex.org/W6682703593","https://openalex.org/W6740151708","https://openalex.org/W6778883912","https://openalex.org/W6795043277","https://openalex.org/W6798182279","https://openalex.org/W6800166007","https://openalex.org/W6800844176","https://openalex.org/W6862774383"],"related_works":["https://openalex.org/W4300821880","https://openalex.org/W4402779703","https://openalex.org/W4313594480","https://openalex.org/W2285651113","https://openalex.org/W4256031153","https://openalex.org/W3279617","https://openalex.org/W4293365998","https://openalex.org/W2327903337","https://openalex.org/W2768862283","https://openalex.org/W2168002573"],"abstract_inverted_index":{"Human":[0],"developers":[1],"can":[2],"produce":[3],"code":[4,11,31],"with":[5],"cybersecurity":[6],"bugs.":[7],"Can":[8],"emerging":[9],"\u2018smart\u2019":[10],"completion":[12],"tools":[13],"help":[14],"repair":[15,128],"those":[16],"bugs?":[17],"In":[18],"this":[19],"work,":[20],"we":[21],"examine":[22],"the":[23,48,67,120,141],"use":[24],"of":[25,50,59,86,107,130,140,147],"large":[26,83],"language":[27],"models":[28],"(LLMs)":[29],"for":[30,40],"(such":[32],"as":[33,93,95],"OpenAI\u2019s":[34],"Codex":[35],"and":[36,76,99,110,134],"AI21\u2019s":[37],"Jurassic":[38],"J-1)":[39],"zero-shot":[41],"vulnerability":[42],"repair.":[43],"We":[44,80],"investigate":[45],"challenges":[46,152],"in":[47,153],"design":[49],"prompts":[51],"that":[52,118],"coax":[53],"LLMs":[54,125],"into":[55],"generating":[56,154],"repaired":[57],"versions":[58],"insecure":[60],"code.":[61,157],"This":[62],"is":[63],"difficult":[64],"due":[65],"to":[66,70],"numerous":[68],"ways":[69],"phrase":[71],"key":[72],"information\u2014":[73],"both":[74],"semantically":[75],"syntactically\u2014with":[77],"natural":[78],"languages.":[79],"perform":[81],"a":[82,105,137,145],"scale":[84],"study":[85],"five":[87],"commercially":[88],"available,":[89],"black-box,":[90],"\"off-the-shelf\"":[91],"LLMs,":[92],"well":[94],"an":[96],"open-source":[97],"model":[98],"our":[100,131],"own":[101],"locally-trained":[102],"model,":[103],"on":[104],"mix":[106],"synthetic,":[108],"hand-crafted,":[109],"real-world":[111,149],"security":[112],"bug":[113],"scenarios.":[114],"Our":[115],"experiments":[116],"demonstrate":[117],"while":[119],"approach":[121],"has":[122],"promise":[123],"(the":[124],"could":[126],"collectively":[127],"100%":[129],"synthetically":[132],"generated":[133],"hand-crafted":[135],"scenarios),":[136],"qualitative":[138],"evaluation":[139],"model\u2019s":[142],"performance":[143],"over":[144],"corpus":[146],"historical":[148],"examples":[150],"highlights":[151],"functionally":[155],"correct":[156]},"counts_by_year":[{"year":2026,"cited_by_count":15},{"year":2025,"cited_by_count":30},{"year":2024,"cited_by_count":40},{"year":2023,"cited_by_count":10}],"updated_date":"2026-04-14T08:04:32.555800","created_date":"2025-10-10T00:00:00"}